kexec-tools (SL7)

Synopsis: Moderate: kexec-tools security, bug fix, and enhancement update
Advisory ID: SLSA-2015:0986-1
Issue Date: 2015-05-12
CVE Numbers: CVE-2015-0267

It was found that the script provided by kexec-tools
created temporary files in an insecure way. A malicious, local user could
use this flaw to conduct a symbolic link attack, allowing them to
overwrite the contents of arbitrary files. (CVE-2015-0267)
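
The temporary-file flaw described above, shown as an added example that is not code from kexec-tools or from this advisory: a predictable file name in a shared directory is written through a pre-planted symbolic link, while a file created with mktemp(1) is not. The function names, the example.* file names and the sandbox directory are constructed for illustration.

```shell
#!/bin/sh
# Added illustration. All names and paths here are constructed, not taken
# from kexec-tools.

# Insecure: predictable name in a shared directory. Plain ">" redirection
# follows a symlink that already exists at that path.
write_insecure() {
    dir=$1; data=$2
    tmp="$dir/example.$$"                 # $$ (the PID) is guessable
    printf '%s\n' "$data" > "$tmp"
    printf '%s\n' "$tmp"
}

# Hardened: mktemp chooses an unpredictable name and creates the file
# exclusively with mode 0600, so a link already sitting at a candidate
# path is never followed.
write_hardened() {
    dir=$1; data=$2
    tmp=$(mktemp "$dir/example.XXXXXXXXXX") || return 1
    printf '%s\n' "$data" > "$tmp"
    printf '%s\n' "$tmp"
}

# Runs both writers inside a private sandbox directory and reports the
# content of a stand-in "victim" file after each, as "insecure|hardened".
demo() {
    sandbox=$(mktemp -d) || return 1
    printf 'original\n' > "$sandbox/victim"
    # Stand-in for a link another local user planted at the guessed name.
    ln -s "$sandbox/victim" "$sandbox/example.$$"
    write_insecure "$sandbox" "scratch data" > /dev/null
    after_insecure=$(cat "$sandbox/victim")
    printf 'original\n' > "$sandbox/victim"
    write_hardened "$sandbox" "scratch data" > /dev/null
    after_hardened=$(cat "$sandbox/victim")
    rm -rf "$sandbox"
    printf '%s|%s\n' "$after_insecure" "$after_hardened"
}

demo    # prints: scratch data|original
```

When auditing scripts for this class of flaw, look for files created under /tmp or /var/tmp whose names are built from fixed strings, the PID or a timestamp.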

This update also fixes the following bug:

* On Atomic Host systems, the kdump tool previously saved
kernel crash dumps in the /sysroot/crash file instead of the /var/crash
file. The parsing error that caused this problem has been fixed, and the
kernel crash dumps are now correctly saved in /var/crash.

In addition, this update adds the following enhancement:

* The makedumpfile command now supports the new sadump format that can
represent more than 16 TB of physical memory space. This allows users of
makedumpfile to read dump files over 16 TB, generated by sadump on certain
upcoming server models.


– Scientific Linux Development Team